There's no way to turn it off. I think we should make delete get you back to the overview of the queue, so there's no need for workaround. Can you raise a Jira for this?
Also, you can install the web console as a temporary workaround. Regards -- Dejan Bosanac ---------------------- Red Hat, Inc. FuseSource is now part of Red Hat dbosa...@redhat.com Twitter: @dejanb Blog: http://sensatic.net ActiveMQ in Action: http://www.manning.com/snyder/ On Wed, Nov 14, 2012 at 10:49 AM, Tobb <torbjor...@gmail.com> wrote: > Hi, > > We recently upgraded from AMQ 5.3.0 to AMQ 5.6.0. In version 5.6.0, CSRF > protection has been added to the AMQ web console. As far as I understand, > this is done through the server generating a secret key on each request to > view a message/queue, which is in turn used to validate the requests. This > leads to some usability issues with the AMQ web console: > > 1. If a user clicks back in the browser, then no actions can be made, since > you then return to a cached page, with a stale secret key. > 2. Say you have a dead-letter queue with 19 messages, and you want to delete > 15 of them. Since deleting a message from the overview of a queue throws you > back to the overview of all the queues, this could be tedious work. In > 5.3.0, we went around this by holding ctrl in while clicking delete, so the > redirect to the all queues overview happened in a new tab. This is no longer > possible, since you can't make mulitple requests with the same secret key. > > Due to this, and the fact that the AMQ console is located on an intranet and > we no real need for CSRF protection, I would like to disable it altogether. > But is this possible? > > (I have tried to get the console to enforce a reload of the page when the > user clicks the back-button, but can't get it to work..) > > -Tobb > > > > -- > View this message in context: > http://activemq.2283324.n4.nabble.com/Disabling-CSRF-protection-tp4659303.html > Sent from the ActiveMQ - User mailing list archive at Nabble.com.
